Michal Prokopiuk reports a privilege escalation in MySQL.
The vulnerability causes MySQL, when run on case-sensitive
filesystems, to allow remote and local authenticated users
to create or access a database when the database name
differs only in case from a database for which they have
permissions.

Michal Prokopiuk reports a privilege escalation in MySQL.
The vulnerability causes MySQL, when run on case-sensitive
filesystems, to allow remote and local authenticated users
to create or access a database when the database name
differs only in case from a database for which they have
permissions.

Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE'
privileges on an affected installation may leverage this
vulnerability to corrupt files with the privileges of the MySQL
process.

MySQL is reported prone to an input validation vulnerability that
can be exploited by remote users that have INSERT and DELETE
privileges on the 'mysql' administrative database.

Reports indicate that this issue may be leveraged to load an
execute a malicious library in the context of the MySQL process.

Finally, MySQL is reported prone to a remote arbitrary code
execution vulnerability. It is reported that the vulnerability may
be triggered by employing the 'CREATE FUNCTION' statement to
manipulate functions in order to control sensitive data
structures.

This issue may be exploited to execute arbitrary code in the
context of the database process.

Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE'
privileges on an affected installation may leverage this
vulnerability to corrupt files with the privileges of the MySQL
process.

MySQL is reported prone to an input validation vulnerability that
can be exploited by remote users that have INSERT and DELETE
privileges on the 'mysql' administrative database.

Reports indicate that this issue may be leveraged to load an
execute a malicious library in the context of the MySQL process.

Finally, MySQL is reported prone to a remote arbitrary code
execution vulnerability. It is reported that the vulnerability may
be triggered by employing the 'CREATE FUNCTION' statement to
manipulate functions in order to control sensitive data
structures.

This issue may be exploited to execute arbitrary code in the
context of the database process.